Blogs tagged threat modeling

After peeking behind the curtains in our blog posts about Bug Bounty and Application Security testing, we’re continuing our series about how we secure SAP S/4HANA within our secure software development lifecycle by taking a step back. One of the... Read More »

In a threat modeling workshop for a specific scenario we discovered a message authorization issue. In the following I would like to repeat exemplarily the thinking that led to this discovery. The example I am using is completely fictitious and I... Read More »

Do you think you need a well renowned security expert to do threat modeling? I don’t think so. Sure it would be fun to do a Threat Modeling workshop with a guy like Bruce Schneier, but the sad truth is that he likely is not available or... Read More »

Last time I outlined our simple three steps methodology: Understand, Analyze and Prioritize. Sounds too simple? It may or may not be so simple depending on your viewpoint. Let’s dive a bit deeper on the topics. We aimed for a methodology... Read More »

Welcome back to our Threat Modeling blog. I think it is quite interesting and helpful to talk about the introduction of Threat Modeling @ SAP. In 2012 my boss asked me to lead a project introducing Threat Modeling into SAP development. I had... Read More »

Are you in with the Threat Modeling movement? We are, and to be honest, I am proud of it. In 2012 we introduced Threat Modeling at SAP, and from my personal viewpoint, this is one of the smartest moves SAP has taken within the security space for... Read More »

I recently took part in a design-thinking workshop to look at how we can use alternative approaches  to security-related issues at SAP, like serious gaming. We had to first come to an agreement on what we thought serious gaming was. Well, we... Read More »